1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-12-22 10:19:57 +01:00

2369 Commits

Author SHA1 Message Date
Werner Koch
a480182f9d
gpg: Allow direct key generation from card with --full-gen-key.
* g10/call-agent.c (agent_scd_readkey): New.
* g10/keygen.c (ask_key_flags): Factor code out to ..
(ask_key_flags_with_mask): new.
(ask_algo): New mode 14.
--

Note that this new menu 14 is always displayed.  The usage flags can
be changed only in --expert mode, though.  Creating and using signing
keys works but decryption does not yet work; we will need to tweak a
couple of other places for that.  Tested with a Yubikey's PIV app.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-02 18:57:09 +02:00
Werner Koch
9ed1aa56c4
sm: Show the usage flags when generating a key from a card.
* g10/call-agent.c (scd_keypairinfo_status_cb): Also store the usage
flags.
* sm/call-agent.c (scd_keypairinfo_status_cb): Ditto.
* sm/certreqgen-ui.c (gpgsm_gencertreq_tty): Print the usage flags.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-01 19:58:33 +02:00
Werner Koch
e47524c34a
gpg: Prepare card code to allow other than OpenPGP cards.
* g10/call-agent.c (start_agent): Use card app auto selection.
* g10/card-util.c (current_card_status): Print the Application type.
(card_status): Put empty line between card listings.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-01 19:24:33 +02:00
Werner Koch
0fad61de15
gpg: New card function agent_scd_keypairinfo.
* g10/call-agent.c (scd_keypairinfo_status_cb)
(agent_scd_keypairinfo): New.  Taken from gpgsm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-01 18:37:02 +02:00
Werner Koch
334b16b868
gpg: Remove two unused card related functions.
* g10/call-agent.c (inq_writekey_parms): Remove.
(agent_scd_writekey): Remove.
(agent_clear_pin_cache): Remove this stub.
2019-04-01 18:34:19 +02:00
Werner Koch
3a4534d826
gpg: Remove unused arg in a card related function.
* g10/call-agent.c (agent_scd_setattr): Remove unused arg serialno.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-04-01 18:13:43 +02:00
Trevor Bentley
4324560b2c gpg: Don't use EdDSA algo ID for ECDSA curves.
* g10/keygen.c (ask_curve): Change algo ID to ECDSA if it changed from
an EdDSA curve.

--

This change matters when it is called from ask_card_keyattr.

Some-comments-by: NIIBE Yutaka <gniibe@fsij.org>
2019-03-27 11:03:58 +09:00
Werner Koch
5205512fc0
gpg: Allow import of PGP desktop exported secret keys.
* g10/import.c (NODE_TRANSFER_SECKEY): New.
(import): Add attic kludge.
(transfer_secret_keys): Add arg only_marked.
(resync_sec_with_pub_keyblock): Return removed seckeys via new arg
r_removedsecs.
(import_secret_one): New arg r_secattic.  Change to take ownership of
arg keyblock.  Implement extra secret key import logic.  Factor some
code out to ...
(do_transfer): New.
(import_matching_seckeys): New.
--

The PGP desktops exported secret keys are really stupid.  And they
even a have kind of exception in rfc4880 which does not rule that
out (section 11.2):

  [...]  Implementations SHOULD include self-signatures on any user
  IDs and subkeys, as this allows for a complete public key to be
  automatically extracted from the transferable secret key.
  Implementations MAY choose to omit the self-signatures, especially
  if a transferable public key accompanies the transferable secret
  key.

Now if they would only put the public key before the secret
key. Anyway we now have a workaround for that ugliness.

GnuPG-bug-id: 4392
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-18 13:07:14 +01:00
Werner Koch
f799e9728b
gpg: Avoid importing secret keys if the keyblock is not valid.
* g10/keydb.h (struct kbnode_struct): Replace unused field RECNO by
new field TAG.
* g10/kbnode.c (alloc_node): Change accordingly.
* g10/import.c (import_one): Add arg r_valid.
(sec_to_pub_keyblock): Set tags.
(resync_sec_with_pub_keyblock): New.
(import_secret_one): Change return code to gpg_error_t.   Return an
error code if sec_to_pub_keyblock failed.  Resync secret keyblock.
--

When importing an invalid secret key ring for example without key
binding signatures or no UIDs, gpg used to let gpg-agent store the
secret keys anyway.  This is clearly a bug because the diagnostics
before claimed that for example the subkeys have been skipped.
Importing the secret key parameters then anyway is surprising in
particular because a gpg -k does not show the key.  After importing
the public key the secret keys suddenly showed up.

This changes the behaviour of
GnuPG-bug-id: 4392
to me more consistent but is not a solution to the actual bug.

Caution: The ecc.scm test now fails because two of the sample keys
         don't have binding signatures.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-15 20:41:38 +01:00
Werner Koch
f64477db86
gpg: During secret key import print "sec" instead of "pub".
* g10/keyedit.c (show_basic_key_info): New arg 'print_sec'.  Remove
useless code for "sub" and "ssb".
* g10/import.c (import_one): Pass FROM_SK to show_basic_key_info.  Do
not print the first  keyinfo in FROM_SK mode.
printing.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-15 19:14:34 +01:00
Werner Koch
f06b6fe47f
gpg: Simplify an interactive import status line.
* g10/cpr.c (write_status_printf): Escape CR and LF.
* g10/import.c (print_import_check): Simplify by using
write_status_printf and hexfingerprint.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-15 13:03:34 +01:00
Werner Koch
3e1f3df618
gpg: Fix recently introduced use after free.
* g10/mainproc.c (proc_plaintext): Do not use freed memory.
--

GnuPG-bug-id: 4407
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-15 08:55:06 +01:00
Werner Koch
bdda31a26b
kbx: Unify the fingerprint search modes.
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR16)
(KEYDB_SEARCH_MODE_FPR20, KEYDB_SEARCH_MODE_FPR32): Remove.  Switch
all users to KEYDB_SEARCH_MODE_FPR along with the fprlen value.
--

These search modes were added over time and there has until recently
be no incentive to remove the cruft.  With the change for v5 keys I
finally went over all places and allowed the generic fingerprint mode
along with a given length of the fingerprint at all places.
Consequently the other modes can now be removed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 14:55:06 +01:00
Werner Koch
caf4b3fc16
gpg: Make rfc4880bis the default.
* g10/gpg.c (set_compliance_option, main): Change CO_GNUPG to include
rfc4880bis features.
(main): Change rfc4880bis warning to a note.
--

Note that the default is CO_GNUPG and not CO_OPENPGP.  CO_OPENPGP does
not include rfc4880bis yet and has a couple of things we don't like,
like --allow-non-selfsigned-uids.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 11:26:54 +01:00
Werner Koch
01c87d4ce2
gpg: Implement v5 keys and v5 signatures.
* g10/build-packet.c (gpg_mpi_write): New optional arg
R_NWRITTEN.  Allow NULL for OUT.  Change all callers.
(do_key): Support v5 keys.
(build_sig_subpkt_from_sig): Support 32 byte fingerprints.
* g10/parse-packet.c (parse_signature): First try to set the keyid
from the issuer fingerprint.
(parse_key): Support v5 keys.
(create_gpg_control): Better make sure to always allocate the static
size of the struct in case future compilers print warnings.
* g10/keyid.c (hash_public_key): Add v5 support.
(keyid_from_pk): Ditto.
(keyid_from_fingerprint): Ditto.
(fingerprint_from_pk): Ditto.
* g10/keygen.c (KEYGEN_FLAG_CREATE_V5_KEY): New.
(pVERSION, pSUBVERSION): New.
(add_feature_v5): New.
(keygen_upd_std_prefs): Call it.
(do_create_from_keygrip): Add arg keygen_flags and support the v5
flag.
(common_gen): Support the v5 flag.
(parse_key_parameter_part): New flags v4 and v5.
(parse_key_parameter_string): Add args for version and subversion.
(read_parameter_file): New keywords "Key-Version" and
"Subkey-Version".
(quickgen_set_para): Add arg 'version'.
(quick_generate_keypair, generate_keypair): Support version parms.
(do_generate_keypair): Support v5 key flag.
(generate_subkeypair): Ditto.
(generate_card_subkeypair): Preparse for keyflags.
(gen_card_key): Ditto.
* g10/sig-check.c (check_signature2): Add args extrahash and
extrahashlen.
(check_signature_end): Ditto.
(check_signature_end_simple): Ditto.  Use them.
* g10/mainproc.c (proc_plaintext): Put extra hash infor into the
control packet.
(do_check_sig): Add args extrahas and extrahashlen and pass them on.
(issuer_fpr_raw): Support 32 byte fingerprint.
(check_sig_and_print): get extra hash data and pass it on.
--

Note that this is only basic support and requires more fine
tuning/fixing.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 11:26:54 +01:00
Werner Koch
f40e9d6a52
kbx: Add support for 32 byte fingerprints.
* common/userids.c (classify_user_id): Support 32 byte fingerprints.
* kbx/keybox-search-desc.h (KEYDB_SEARCH_MODE_FPR32): New.
(struct keydb_search_desc): Add field fprlen.
* kbx/keybox-defs.h (struct _keybox_openpgp_key_info): Add field
version and increase size of fpr to 32.
* kbx/keybox-blob.c: Define new version 2 for PGP and X509 blobs.
(struct keyboxblob_key): Add field fprlen and increase size of fpr.
(pgp_create_key_part_single): Allow larger fingerprints.
(create_blob_header): Implement blob version 2 and add arg want_fpr32.
(_keybox_create_openpgp_blob): Detect the need for blob version 2.
* kbx/keybox-search.c (blob_get_first_keyid): Support 32 byte
fingerprints.
(blob_cmp_fpr): Ditto.
(blob_cmp_fpr_part): Ditto.
(has_fingerprint): Add arg fprlen and pass on.
(keybox_search): Support KEYDB_SEARCH_MODE_FPR32 and adjust for
changed has_fingerprint.
* kbx/keybox-openpgp.c (parse_key): Support version 5 keys.
* kbx/keybox-dump.c (_keybox_dump_blob): Support blob version 2.

* g10/delkey.c (do_delete_key): Support KEYDB_SEARCH_MODE_FPR32.
* g10/export.c (exact_subkey_match_p): Ditto.
* g10/gpg.c (main): Ditto.
* g10/getkey.c (get_pubkey_byfprint): Adjust for changed
KEYDB_SEARCH_MODE_FPR.
* g10/keydb.c (keydb_search_desc_dump): Support
KEYDB_SEARCH_MODE_FPR32 and adjust for changed KEYDB_SEARCH_MODE_FPR.
(keydb_search): Add new arg fprlen and change all callers.
* g10/keyedit.c (find_by_primary_fpr): Ditto.
* g10/keyid.c (keystr_from_desc): Ditto.
* g10/keyring.c (keyring_search): Ditto.
* g10/keyserver.c (print_keyrec): Ditto.
(parse_keyrec): Ditto.
(keyserver_export): Ditto.
(keyserver_retrieval_screener): Ditto.
(keyserver_import): Ditto.
(keyserver_import_fprint): Ditto.
(keyidlist): Ditto.
(keyserver_get_chunk): Ditto.

* g10/keydb.c (keydb_search): Add new arg fprlen and change all
callers.

* sm/keydb.c (keydb_search_fpr): Adjust for changed
KEYDB_SEARCH_MODE_FPR.
--

This prepares the support for OpenPGP v5 keys.  The new version 2 blob
format is needed for the longer fingerprints and we also use this
opportunity to prepare for storing the keygrip in the blob for faster
lookup by keygrip.  Right now this is not yet functional.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 11:26:54 +01:00
Werner Koch
a21ca3a1ef
gpg: Implemented latest rfc4880bis version 5 packet hashing.
* configure.ac (AC_CHECK_SIZEOF): Test size_t.
* g10/sig-check.c (check_signature_end_simple): Support v5 signatures
as per current rfc4880bis.  For correctness also allow for N > 2^32.
* g10/sign.c (pt_extra_hash_data_t): New.
(hash_sigversion_to_magic): New arg EXTRAHASH.
(write_plaintext_packet): New arg R_EXTRAHASH.
(write_signature_packets): Pass EXTRAHASH.
(sign_file): Ditto.
(sign_symencrypt_file): Ditto.
--

Take care: The code path for v5 sigs has not yet been tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-14 11:26:54 +01:00
NIIBE Yutaka
f199b627ce Fix the previous commit.
* g10/ecdh.c (kek_params_table): Revert the change.
* scd/app-openpgp.c (ecdh_params): Use CIPHER_ALGO_AES256
for 384-bit key.

--

Avoiding CIPHER_ALGO_AES192 is intentional here.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-03-14 08:23:38 +09:00
NIIBE Yutaka
af3efd149f g10: Fix symmetric cipher algo constant for ECDH.
* g10/ecdh.c (kek_params_table): Use CIPHER_ALGO_AES192 for
ECC strength 384, according to RFC-6637.

--

Reported-by: Trevor Bentley
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-03-13 09:12:14 +09:00
Werner Koch
db87132b10
gpg: Make invalid primary key algos obvious in key listings.
* g10/keylist.c (print_key_line): Print a warning for invalid algos.
--

Non-OpenPGP compliant keys now show a warning flag on the sec or pub
line like in:

  gpg: can't encode a 256 bit MD into a 88 bits frame, algo=8
  sec   cv25519 2019-01-30 [INVALID_ALGO]
        4239F3D606A19258E7A88C3F9A3F4F909C5034C5
  uid           [ultimate] ffffff

Instead of showing the usage flags "[CE]".  Without this patch only
the error message is printed and the reason for it was not immediately
obvious (cv25519 is encryption only but we always consider the primary
key as having the "C" flag).

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-03-05 12:39:11 +01:00
Werner Koch
140fda8c61
gpg: Emit an ERROR status if no key was found with --list-keys.
* g10/keylist.c (list_one): Emit status line.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-30 14:40:26 +01:00
Werner Koch
346a98fabe
gpg: Allow generating Ed25519 key from an existing key.
* g10/misc.c (map_pk_gcry_to_openpgp): Add EdDSA mapping.
--

Due to this missing mapping a "gpg --export --full-gen-key" with
selection "13 - Existing key" did not worked for an ed25519 key.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-30 11:28:14 +01:00
Werner Koch
f382984966
common: Provide some convenient OpenPGP related constants.
* common/openpgpdefs.h (OPENPGP_MAX_NPKEY): New.
(OPENPGP_MAX_NSKEY): New.
(OPENPGP_MAX_NSIG): New.
(OPENPGP_MAX_NENC): New.
* g10/packet.h: Define PUBKEY_MAX using the new consts.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-29 18:20:34 +01:00
Werner Koch
54f88afba4
gpg: Fix just changed agent_get_s2k_count.
* g10/call-agent.c (agent_get_s2k_count): Actually return the count.
--

The previous push was definitely a bit to hasty.
Fixes-Commit: ec13b1c562e34c0fcbc7b848ab6dc187b79cf2c1

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-26 23:17:54 +01:00
Werner Koch
ec13b1c562
gpg: Move S2K encoding function to a shared file.
* g10/passphrase.c (encode_s2k_iterations): Move function to ...
* common/openpgp-s2k.c: new file.  Remove default intialization code.
* common/openpgpdefs.h (S2K_DECODE_COUNT): New to keep only one copy.
* g10/call-agent.c (agent_get_s2k_count): Change to return the count
and print an error.
* agent/protect.c: Include openpgpdefs.h
* g10/card-util.c (gen_kdf_data): Adjust for changes
* g10/gpgcompose.c: Include call-agent.h.
(sk_esk): Adjust for changes.
* g10/passphrase (passphrase_to_dek): Adjust for changes.
* g10/main.h (S2K_DECODE_COUNT): Remove macro.

Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-26 23:10:38 +01:00
Werner Koch
f97dc55ff1
gpg: Stop early when trying to create a primary Elgamal key.
* g10/misc.c (openpgp_pk_test_algo2): Add extra check.
--

The problem is that --key-gen --batch with a parameter file didn't
detect that Elgamal is not capable of signing and so an error was only
triggered at the time the self-signature was created.  See the code
comment for details.

GnuPG-bug-id: 4329
Signed-off-by: Werner Koch <wk@gnupg.org>
2019-01-22 10:06:15 +01:00
NIIBE Yutaka
dafffa95b2 gpg: Report STATUS_NO_SECKEY when it is examined.
* g10/packet.h (struct pubkey_enc_list): Add result.
* g10/mainproc.c (proc_pubkey_enc): Initialize ->result.
(proc_encrypted): Report STATUS_NO_SECKEY status.
* g10/pubkey-enc.c (get_session_key): Set ->result.

--

This change is for GPGME compatibility.  Before this change,
gpgme/tests/json/t-json failed with t-decrypt-verify.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2019-01-16 10:27:21 +09:00
NIIBE Yutaka
ebf775eb16 card: Suppress error message by agent_scd_cardlist.
* g10/call-agent.c (agent_scd_cardlist): Add
FLAG_FOR_CARD_SUPPRESS_ERRORS.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-12-12 10:28:51 +09:00
Werner Koch
e7252ae57f
gpg: In search-keys return "Not found" instead of "No Data".
* g10/keyserver.c (keyserver_search): Check for NO_DATA.
--

GnuPG-bug-id: 3830
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-11 12:29:58 +01:00
NIIBE Yutaka
e154fba30b g10: Fix print_pubkey_info new line output.
* g10/keylist.c (print_pubkey_info): Reverse the condition.

--

This mistakes were introduced when replacing by estream.

It resulted 'gpg --card-status' from a process with no controlling
terminal fails.

Fixes-commit: fb2ba98963beea249474f5d6d7345cf9b4b7f570
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-12-05 16:44:59 +09:00
Werner Koch
c6e2ee0207
gpg: Prepare revocation keys for use with v5 keys.
* g10/packet.h (struct revocation_key): Add field 'fprlen'.
* g10/parse-packet.c (parse_revkeys): Set fprlen and allow for v5
keys.  Also fix reading of unitialized data at place where
MAX_FINGERPRINT_LEN is used.
* g10/revoke.c (gen_desig_revoke): Allow for v5 keys and use fprlen.
Do an explicit compare to avoid reading unitialized data.
* g10/sig-check.c (check_revocation_keys): Use the fprlen.
* g10/getkey.c (merge_selfsigs_main): Do an explicit copy to avoid
reading unitialized data.
* g10/import.c (revocation_present): Use fprlen.
* g10/keyedit.c (show_key_with_all_names): Use fprlen.
(menu_addrevoker): Use fprlen.  Allow for v5 keys.
* g10/keygen.c (keygen_add_revkey): Use fprlen.
(parse_revocation_key): Allow for v5 keys.
* g10/keyid.c (keyid_from_fingerprint): Allow for v5 keys.  Print a
better error message in case of bogus fingerprints.
* g10/keylist.c (print_revokers): Use fprlen.
--

The reading of uninitialized data is harmless but we better fix it to
make valgrind happy.  More serious was that we always passed
MAX_FINGERPRINT_LEN but we will need to support 20 and 32 octet
fingerprints and MAX_FINGERPRINT_LEN would be too large for a v4.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-04 15:43:19 +01:00
Werner Koch
0e8bf20479
gpg: New list-option "show-only-fpr-mbox".
* g10/gpg.c (parse_list_options): Add option "show-only-fpr-mbox".
* g10/options.h (LIST_SHOW_ONLY_FPR_MBOX): New.
* g10/keylist.c (list_keyblock_simple): New.
(list_keyblock): Call it.
(list_all): Do not print the keyring name in LIST_SHOW_ONLY_FPR_MBOX
mode.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-12-04 15:31:41 +01:00
Jussi Kivilinna
73e74de0e3 g10/mainproc: disable hash contexts when --skip-verify is used
* g10/mainproc.c (proc_plaintext): Do not enable hash contexts when
opt.skip_verify is set.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-12-01 13:43:10 +02:00
Werner Koch
cd64af003d
gpg: Improve error message about failed keygrip computation.
* g10/keyid.c (keygrip_from_pk): Print the fingerprint on failure.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-30 12:36:40 +01:00
Werner Koch
e5c3a6999a
doc: Clarify use of clear and nodefault in the AKL.
--
2018-11-21 09:20:56 +01:00
Werner Koch
1e700961dd
gpg: Start using OCB mode by default with Libgcrypt 1.9.
* g10/main.h (GCRYPT_VERSION_NUMBER): Fix type in condition.
--

GnuPG-bug-id: 4259
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-16 09:19:10 +01:00
NIIBE Yutaka
e955ca245e card: Display UIF setting.
* g10/call-agent.h (agent_card_info_s): Add UIF fields.
* g10/call-agent.c (learn_status_cb): Put UIF DOs info.
* g10/card-util.c (current_card_status): Output for UIF.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-15 13:57:31 +09:00
NIIBE Yutaka
05d163aebc scd: Make "learn" report about KDF data object.
* scd/app-openpgp.c (do_learn_status): Report KDF attr.
* g10/card-util.c (current_card_status): Output KDF for with_colons.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-15 13:56:27 +09:00
NIIBE Yutaka
a5542a4a70 card: Display if KDF is enabled or not.
* g10/call-agent.h (kdf_do_enabled): New field.
* g10/call-agent.c (learn_status_cb): Set kdf_do_enabled if available.
* g10/card-util.c (current_card_status): Inform the availability.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-15 12:31:11 +09:00
Werner Koch
6b9f772914
common: Prepare for parsing mail sub-addresses.
* common/mbox-util.c (mailbox_from_userid): Add arg subaddress and
implement.  Change all callers to pass false for it.

* common/t-mbox-util.c (run_mbox_no_sub_test): New.
(run_filter): Add arg no_sub.
(main): Call new test and add option --no-sub.
--

Some stats: In the about 5300000 keys on the SKS servers we found 3055
unique mailboxes with a '+' in it.  After removing leading and
trailing '+' as well as multiple '+' (e.g. "c++" or "foo+bar+baz")
2697 were left which seem to be valid sub-addresses.

To filter mailboxes out from a line delimited list with
user-ids (e.g. an SQL output), the command

   t-mbox-util --verbose --filter

can be used; to output w/o sub-addresses add --no-sub.

GnuPG-bug-id: 4200
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-12 07:44:33 +01:00
Werner Koch
bbed4746ed
gpg: Fix format string in gpgcompose.c
--

For size_t  use "%zu"
For ssize_t use "%zd"

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-11-11 12:20:34 +01:00
Jussi Kivilinna
b46382dd47 g10/mainproc: avoid extra hash contexts when decrypting AEAD input
* g10/mainproc.c (mainproc_context): New member
'seen_pkt_encrypted_aead'.
(release_list): Clear 'seen_pkt_encrypted_aead'.
(proc_encrypted): Set 'seen_pkt_encrypted_aead'.
(have_seen_pkt_encrypted_aead): New.
(proc_plaintext): Do not enable extra hash contexts when decryption
AEAD input.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-09 18:07:18 +02:00
Jussi Kivilinna
643ec7c642 g10/armor: optimize radix64 to binary conversion
* g10/armor.c (asctobin): Larger look-up table for fast path.
(initialize): Update 'asctobin' initialization.
(radix64_read): Add fast path for radix64 to binary conversion.
--

This patch adds fast path for radix64 to binary conversion in
armored decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf+crc+radix64 opt)
-------------------------------------
               gpg process
armor:         user time    pipe transfer rate
 decrypt-aead:  9.8          200 MB/s
 decrypt-cfb:   11.9         168 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
e8142cc69a g10/armor: optimize binary to radix64 conversion
* g10/armor.c (bintoasc): Change to read-only.
(initialize): Use const pointer for 'bintoasc'.
(armor_output_buf_as_radix64): New function for faster binary to
radix64 conversion.
(armor_filter): Use new conversion function.
--

This patch adds faster binary to radix64 conversion to speed up
armored encryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf+crc+radix64 opt)
-------------------------------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  2.7          523 MB/s
 encrypt-cfb:   6.7          264 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
e486d4f025 g10/armor: use libgcrypt's CRC24 implementation
* g10/armor.c (CRCINIT, CRCPOLY, CRCUPDATE, crc_table): Remove.
(new_armor_context): Open libgcrypt CRC24 context.
(release_armor_context): Close CRC24 context.
(initialize): Remove CRC table generation.
(get_afx_crc): New.
(check_input, fake_packet, radix64_read, armor_filter): Update to use
CRC24 context.
* g10/filter.h (armor_filter_context_t): Replace crc intermediate value
with libgcrypt md context pointer.
--

This patch changes armor filter to use optimized CRC24 implementation
from libgcrypt to speed up encryption and decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt+iobuf+crc opt)
-----------------------------
               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  8.7          211 MB/s
 decrypt-aead:  17.6         116 MB/s
 encrypt-cfb:   12.6         153 MB/s
 decrypt-cfb:   19.6         105 MB/s

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
47424881b2 g10/armor: remove unused unarmor_pump code
* g10/armor.c (unarmor_state_e, unarmor_pump_s, unarmor_pump_new)
(unarmor_pump_release, unarmor_pump): Remove.
* g10/filter.h (UnarmorPump, unarmor_pump_new, unarmor_pump_release)
(unarmor_pump): Remove.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
a571bb8df5 g10/armor: fix eof checks in radix64_read
* g10/armor.c (radix64_read): Check EOF with '!afx->buffer_len' instead
of 'c == -1', as 'c' is never set to this value.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
5d6c080522 g10/decrypt-data: use iobuf_read for higher performance
* g10/decrypt-data.c (fill_buffer): Use iobuf_read instead of iobuf_get
for reading data.
--

This patch reduces iobuf_read per byte processing overhead and speeds
up decryption.

Benchmark results below, tested on Intel Core i7-4790K (turbo off).
Encrypted 2 GiB through pipe to ramfs file using AES128. Decrypt
ramfs file out through pipe to /dev/null.

before patch-set
----------------
	       gpg process
no-armor:      user time    pipe transfer rate
 encrypt-aead:  1.02         1.0 GB/s
 decrypt-aead:  10.8         185 MB/s
 encrypt-cfb:   4.8          342 MB/s
 decrypt-cfb:   12.7         157 MB/s

               gpg process
armor:         user time    pipe transfer rate
 encrypt-aead:  13.8         140 MB/s
 decrypt-aead:  30.6         68 MB/s
 encrypt-cfb:   17.4         114 MB/s
 decrypt-cfb:   32.6         64 MB/s

after (decrypt opt)
-------------------
               gpg process
no-armor:      user time    pipe transfer rate
 decrypt-aead:  7.3          263 MB/s
 decrypt-cfb:   9.3          211 MB/s

               gpg process
armor:         user time    pipe transfer rate
 decrypt-aead:  27.0         77 MB/s
 decrypt-cfb:   29.0         72 MB/s

Note: decryption results are much slower than encryption because of
extra SHA1 & RIPEMD160 hashing.

GnuPG-bug-id: 3786
Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
Jussi Kivilinna
e2b9095de3 g10/decrypt-data: use fill_buffer in more places
* g10/decrypt-data.c (mdc_decode_filter, decode_filter): Use
fill_buffer.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna@iki.fi>
2018-11-08 21:31:12 +02:00
NIIBE Yutaka
69930f6884 gpgcompose: Fix --sk-esk.
* g10/gpgcompose.c (sk_esk): Copy the result content correctly.
Don't forget to free the result.

--

Fixes-commit: 0131d4369a81a51bf7bb328cc81a3bb082ed1a94
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-08 20:52:38 +09:00
NIIBE Yutaka
7fc3decc2e g10: Fix log_debug formatting.
* g10/cipher-aead.c (do_flush): No cast is correct.
* g10/decrypt-data.c (aead_underflow): No cast needed.
Use "%j" for uint64_t for chunklen.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-08 12:14:23 +09:00
NIIBE Yutaka
01b77ebbb7 g10: Fix print_keygrip for smartcard.
* g10/card-util.c (print_keygrip): Use tty_fprintf.

--

Reported-by: Joey Pabalinas <joeypabalinas@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-11-06 15:37:04 +09:00
Daniel Kahn Gillmor
a7c5d65eb5 all: fix more spelling errors 2018-10-25 16:53:05 -04:00
Daniel Kahn Gillmor
b39ece7d35 headers: fix spelling
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-25 16:53:05 -04:00
NIIBE Yutaka
0240345728 g10,scd: Improve UIF support.
* g10/call-agent.c (learn_status_cb): Parse "bt" flag.
* g10/call-agent.h: New member field "bt".
* g10/card-util.c (uif): Limit its access only when it is supported.
* scd/app-openpgp.c (do_setattr): Allow access to UIF objects only
when there is a button.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-10-25 16:20:20 +09:00
Daniel Kahn Gillmor
54eb375ff1 all: fix spelling and typos
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-10-24 15:56:18 -04:00
Werner Koch
64a1e86fc0
gpg: Unfinished support for v5 signatures.
* g10/parse-packet.c (parse_signature): Allow for v5 signatures.
* g10/sig-check.c (check_signature_end_simple): Support the 64bit v5
byte count.
* g10/sign.c (hash_sigversion_to_magic): Ditto.
(write_signature_packets): Request v5 sig for v5 keys.  Remove useless
condition.
(make_keysig_packet): Request v5 sig for v5 keys.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-24 16:18:27 +02:00
Werner Koch
3b88bceb4d
indent: Modernize g10/sign.c
--
2018-10-24 16:00:20 +02:00
Werner Koch
150a33df41
gpg: Don't take the a TOFU trust model from the trustdb,
* g10/tdbio.c (tdbio_update_version_record): Never store a TOFU model.
(create_version_record): Don't init as TOFU.
(tdbio_db_matches_options): Don't indicate a change in case TOFU is
stored in an old trustdb file.
--

This change allows to switch between a tofu and pgp or tofu+pgp trust
model without an auto rebuild of the trustdb.  This also requires that
the tofu trust model is requested on the command line.  If TOFU will
ever be the default we need to tweak the model detection via TM_AUTO
by also looking into the TOFU data base,

GnuPG-bug-id: 4134
2018-10-10 11:46:16 +02:00
Werner Koch
b6275f3bda
gpg: Fix extra check for sign usage of a data signature.
* g10/sig-check.c (check_signature_end_simple):
--

Obviously we should not ignore a back signature here.

Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5
GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-08 16:14:17 +02:00
Werner Koch
79f165d7a8
gpg: Make --skip-hidden-recipients work again.
* g10/pubkey-enc.c (get_session_key): Take care of
opt.skip_hidden_recipients.
--
This was lost due to
Fixes-commit: ce2f71760155b71a71418fe145a557c99bd52290
GnuPG-bug-id: 4169

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-08 15:38:37 +02:00
Werner Koch
3c2ffd27f3
gpg: Add new card vendor
--
2018-10-04 09:57:03 +02:00
Werner Koch
8e83493dae
gpg: New options import-drop-uids and export-drop-uids.
* g10/options.h (IMPORT_DROP_UIDS): New.
(EXPORT_DROP_UIDS): New.
* g10/import.c (parse_import_options): Add option "import-drop-uids".
(import_one): Don't bail out with that options and no uids found.
Also remove all uids.
(remove_all_uids): New.
* g10/export.c (parse_export_options): Add option "export-drop-uids".
(do_export_one_keyblock): Implement option.
--

These options are required for experiments with changes to the
keyserver infrastructure.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-10-02 11:03:27 +02:00
NIIBE Yutaka
0cb65564e0 g10,scd: Support UIF changing command.
* g10/card-util.c (uif, cmdUIF): New.
(card_edit): Add call to uif by cmdUIF.
* scd/app-openpgp.c (do_getattr): Support UIF-1, UIF-2, and UIF-3.
(do_setattr): Likewise.
(do_learn_status): Learn UIF-1, UIF-2, and UIF-3.

--

GnuPG-bug-id: 4158
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-27 16:45:27 +09:00
NIIBE Yutaka
fe8b633954 g10: Fix memory leak for --card-status.
* g10/card-util.c (card_status): Release memory of serial number.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-18 09:34:00 +09:00
NIIBE Yutaka
60c880bda5 g10: Fix another memory leak.
* g10/skclist.c (enum_secret_keys): Use SK_LIST instead of pubkey_t.

--

The use of pubkey_t was wrong.  The use is just a list of keys, not
with keyblock.  With SK_LIST, release_sk_list releases memory by
free_public_key.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-14 08:11:45 +09:00
NIIBE Yutaka
2eb481e8cc g10: Fix memory leak (more).
* g10/skclist.c (enum_secret_keys): Free SERIALNO on update.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-14 08:02:16 +09:00
NIIBE Yutaka
64c5c45e2a g10: Fix memory leak in enum_secret_keys.
* g10/skclist.c (enum_secret_keys): Don't forget to call
free_public_key in the error return paths.

--

Reported-by: Philippe Antoine
GnuPG-bug-id: 4140
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-14 07:55:20 +09:00
Werner Koch
bee65edfbc
dirmngr: Emit SOURCE status also on NO_DATA.
* dirmngr/ks-engine-hkp.c (ks_hkp_search): Send SOURCE status also on
NO DATA error.
(ks_hkp_get): Ditto.
* g10/call-dirmngr.c (gpg_dirmngr_ks_search): Print "data source" info
also on error.
(gpg_dirmngr_ks_get): Ditto.
--

If a keyserver does not return any data it can be useful to know which
keyserver out of the pool answered.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-09-07 11:48:18 +02:00
NIIBE Yutaka
7c96cc67e1 g10: Fix memory leak.
* g10/import.c (read_block): Call free_packet to skip the packet.

--

Reported-by: Philippe Antoine
GnuPG-bug-id: 3916
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-07 13:01:52 +09:00
NIIBE Yutaka
625ced6e67 Fix use of strncpy, which is actually good to use memcpy.
* common/ssh-utils.c (get_fingerprint): Use memcpy.
* g10/build-packet.c (string_to_notation): Use memcpy.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-09-06 11:41:13 +09:00
Werner Koch
1bfe766bcf
gpg: Explain error message in key generation with --batch
* g10/keygen.c (generate_keypair): Show more info.
--

GnuPG-bug-id: 3912
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-29 15:14:29 +02:00
Werner Koch
ed8fe21e66
gpg: Remove unused function get_pubkeys.
* g10/getkey.c (get_pubkeys): Remove.
(pubkey_free): Remove and use code directly ...
(pubkeys_free): ... here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-29 11:53:59 +02:00
Werner Koch
3da835713f
gpg: New option --known-notation.
* g10/gpg.c (oKnownNotation): New const.
(opts): Add option --known-notation.
(main): Set option.
* g10/parse-packet.c (known_notations_list): New local var.
(register_known_notation): New.
(can_handle_critical_notation): Rewrite to handle the new feature.
Also print the name of unknown notations in verbose mode.
--

GnuPG-bug-id: 4060
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-29 09:36:09 +02:00
Werner Koch
7f172404bf
gpg: Refresh expired keys originating from the WKD.
* g10/getkey.c (getkey_ctx_s): New field found_via_akl.
(get_pubkey_byname): Set it.
(only_expired_enc_subkeys): New.
(get_best_pubkey_byname): Add support to refresh expired keys from the
WKD.
--

A little drawback of that code is that if the WKD has no update for an
expired key each access of the key will trigger a WKD lookup (unless
cached by the dirmngr).  To avoid this we need to record the last time
we have checked for an update but that would in turn require that we
update the keyring for each check.  We defer this until we have a
better key database which allows for fast updates of meta data.

Testing the code is currently a bit cumbersome because it requires to
update a key in the WKD several times.  Eventually we we need a
network emulation layer to provide sample data for the regression
tests.

GnuPG-bug-id: 2917
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-28 15:22:35 +02:00
Werner Koch
db67ccb759
gpg: Remove unused arg from a function.
* g10/getkey.c (get_best_pubkey_byname): Remove unused arg 'no_akl'.
Change both callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-28 15:16:19 +02:00
Werner Koch
108702ccae
gpg: Prepare for longer card fingerprints.
* g10/call-agent.h (agent_card_info_s): Rename the "*valid" fields to
"*len".
* g10/call-agent.c (unhexify_fpr): Change to take a FPRLEN and to
return the actual length.
(agent_release_card_info): Adjust for these changes.
* g10/card-util.c (print_sha1_fpr): Rename to print_shax_fpr and add
arg FPRLEN.  Change all callers to pass the length.
(print_sha1_fpr_colon): Rename to print_shax_fpr_colon and add arg
FPRLEN.  Change all callers to pass the length.
(fpr_is_zero): Add arg FPRLEN.
(fpr_is_ff): Ditto.
(show_card_key_info): Use the new functions.
* g10/skclist.c (enum_secret_keys): Use MAX_FINGERPRINT_LEN.
--

This is not needed right now but we should get rid of all hard coded
fingerprint lengths.  Thus this change.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-08-27 16:57:04 +02:00
NIIBE Yutaka
b823788d20 g10: Fix enum_secret_keys for card keys.
* g10/skclist.c (enum_secret_keys): Since "KEY-FPR" returns
fingerprint in binary, change it to hex string.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-27 16:25:05 +09:00
NIIBE Yutaka
84cc55880a g10: Prefer to available card keys for decryption.
* g10/skclist.c (enum_secret_keys): Add logic to prefer
decryption keys on cards.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-27 16:24:45 +09:00
NIIBE Yutaka
03a8de7def g10: Move enum_secret_keys to skclist.c.
* g10/getkey.c (enum_secret_keys): Move to...
* g10/skclist.c (enum_secret_keys): ... here.

--

The function enum_secret_keys is not used by gpgv.c, but it is in
getkey.c.  Extending enum_secret_keys will require change of gpgv.c,
so moving the function to the file for gpg is better.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-27 16:24:27 +09:00
NIIBE Yutaka
6bb93fc295 g10: Fix comment of enum_secret_keys.
* g10/getkey.c (enum_secret_keys): Fix comment for usage of
enum_secret_keys, following the previous change.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-27 16:24:11 +09:00
NIIBE Yutaka
30153c65f0 g10: Enumerated keys for decryption should be unique.
* g10/getkey.c (enum_secret_keys): Collecting keys in the context,
check duplicate to make sure returning only unique keys.
* g10/pubkey-enc.c (get_session_key): Now, it's the responsibility of
enum_secret_keys to free keys.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-27 16:24:00 +09:00
NIIBE Yutaka
ce2f717601 g10: Change decryption key selection for public key encryption.
* g10/mainproc.c (struct mainproc_context): It's now pubkey_enc_list.
(do_proc_packets): Remove the first arg CTRL.  Fix call of
proc_pubkey_enc.
(release_list): Handle pubkey_enc_list.
(proc_pubkey_enc): Remove the first arg CTRL.  Simply put the packet
to pubkey_enc_list.
(print_pkenc_list): Remove the last arg FAILED.
(proc_encrypted): Only call print_pkenc_list once.
Handle DEK here.
(proc_packets, proc_signature_packets, proc_signature_packets_by_fd)
(proc_encryption_packets): Fix call of do_proc_packets.
* g10/packet.h (struct pubkey_enc_list): Define.
* g10/pubkey-enc.c (get_it): Change the second argument K.
(get_session_key): Select session key by LIST, using enum_secret_keys.
* g10/gpgv.c (get_session_key): Change the second argument K.
* g10/test-stubs.c (get_session_key): Likewise.

--

Collect all PKT_PUBKEY_ENC packets, and then, process the
PKT_ENCRYPTED* packet.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-27 13:12:31 +09:00
NIIBE Yutaka
1b309d9f61 g10: Fix undefined behavior when EOF in parsing packet for S2K.
* g10/parse-packet.c (parse_symkeyenc): Use iobuf_get_noeof.
(parse_key): Likewise.

--

When EOF comes at parsing s2k.count, it is possible the value will
be (unsigned long)-1.  Then, the result of S2K_DECODE_COUNT will be
undefined.  This patch fixes undefined behavior.

Reported-by: Philippe Antoine
GnuPG-bug-id: 4093
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-08-10 15:29:06 +09:00
Werner Koch
e88f56f193
gpg: Set a limit for a WKD import of 256 KiB.
* g10/call-dirmngr.c (MAX_WKD_RESULT_LENGTH): New.
(gpg_dirmngr_wkd_get): Use it.
--

WKD should return only a single key with just one UID.  For key
rollover 2 keys may be send.  A total of 256 KiB seems to be a
generous limit here.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-27 17:48:18 +02:00
Werner Koch
bd4048c533
dirmngr: Print a WARNING status for DNS config problems.
* dirmngr/dirmngr-status.h: New.
* dirmngr/dirmngr.h: Include dirmngr-status.h and move some prototypes
to that file.
* dirmngr/t-support.c: New.
* dirmngr/Makefile.am (dirmngr_SOURCES): Add dirmngr-status.h.
(t_common_src): Add t-support.c.
* dirmngr/server.c (dirmngr_status_printf): Bypass if CTRL is NULL.
* dirmngr/dns-stuff.c: Include dirmngr-status.h.
(libdns_init): Print WARNING status line.  Change call callers to take
and pass a CTRL argument.
* g10/call-dirmngr.c (ks_status_cb): Print info for new WARNING
status.
--

To test this you can change RESOLV_CONF_NAME in dns-stuff.c and run
gpg --recv-key -v SOMETHING.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-25 14:35:04 +02:00
Werner Koch
9aa1b368ef
gpg: Use 128 MiB as default AEAD chunk size.
* g10/gpg.c (oDebugAllowLargeChunks): New.
(opts): New option --debug-allow-large-chunks.
(main): Implement that option.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-24 09:58:02 +02:00
Werner Koch
76989d5bd8
gpg: Remove multiple subkey bindings during export-clean.
* g10/key-clean.c (clean_one_subkey_dupsigs): New.
(clean_all_subkeys): Call it.
--

GnuPG-bug-id: 3804
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-09 12:01:02 +02:00
Werner Koch
c2fd65ec84
gpg: Let export-clean remove expired subkeys.
* g10/key-clean.h (KEY_CLEAN_NONE, KEY_CLEAN_INVALID)
(KEY_CLEAN_ENCR, KEY_CLEAN_AUTHENCR, KEY_CLEAN_ALL): New.
* g10/key-clean.c (clean_one_subkey): New.
(clean_all_subkeys): Add arg CLEAN_LEVEL.
* g10/import.c (import_one): Call clean_all_subkeys with
KEY_CLEAN_NONE.
* g10/export.c (do_export_stream): Call clean_all_subkeys depedning on
the export clean options.
--

GnuPG-bug-id: 3622
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-09 09:49:21 +02:00
Werner Koch
6c3567196f
gpg: Split key cleaning function for clarity.
* g10/key-clean.c (clean_key): Rename to clean_all_uids and split
subkey cleaning into ...
(clean_all_subkeys): new.  Call that always after the former clean_key
invocations.
--

Note that the clean_all_subkeys function will later be extended.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-09 08:15:50 +02:00
Werner Koch
135e46ea48
gpg: Move key cleaning functions to a separate file.
* g10/trust.c (mark_usable_uid_certs, clean_sigs_from_uid)
(clean_uid_from_key, clean_one_uid, clean_key): Move to ...
* g10/key-clean.c: new file.
* g10/key-clean.h: New.
* g10/Makefile.am (gpg_sources): Add new files.
* g10/export.c, g10/import.c, g10/keyedit.c, g10/trustdb.c: Include
new header.
* g10/trustdb.h (struct key_item, is_in_klist): Move to ...
* g10/keydb.h: here.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-06 11:40:16 +02:00
Werner Koch
f7526c7bc7
gpg: Prepare for signatures with ISSUER_FPR but without ISSUER.
* g10/getkey.c (get_pubkey_for_sig): New.
(get_pubkeyblock_for_sig): New.
* g10/mainproc.c (issuer_fpr_raw): Give global scope.
(check_sig_and_print): Use get_pubkeyblock_for_sig.
* g10/pkclist.c (check_signatures_trust): Use get_pubkey_for_sig.
* g10/sig-check.c (check_signature2): Ditto.
(check_signature_over_key_or_uid): Ditto.
--

GnuPG-bug-id: 4046

The whole getkey stuff is still a mess with way to much duplication
and missing caching of already fetched data.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-05 20:55:32 +02:00
Werner Koch
9ea9b9db7e
doc: Typo fix in a comment.
--
2018-07-05 09:42:06 +02:00
Werner Koch
01cd66f9fa
gpg: Ignore too large user ids during import.
* g10/import.c (read_block): Add special treatment for bad user ids
and comment packets.
--

See
GnuPG-bug-id: 4022
for an example of a bogus user id.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-04 09:58:05 +02:00
Werner Koch
60e7e102a1
indent: Fix indentation of read_block in g10/import.c
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-04 09:45:52 +02:00
Werner Koch
214b007726
gpg: Extra check for sign usage when verifying a data signature.
* g10/sig-check.c (check_signature_end_simple): Check sign usage.
--

Without this patch the signature verification fails only due to the
missing back signature.  This check better explains what went wrong.

GnuPG-bug-id: 4014
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-07-04 09:01:10 +02:00
NIIBE Yutaka
996febbab2 g10: Fix memory leak for PKT_signature.
* g10/getkey.c (buf_to_sig): Free by free_seckey_enc.
* g10/gpgcompose.c (signature): Likewise.
* g10/sign.c (write_signature_packets): Likewise.

--

Reported-by: Philippe Antoine
GnuPG-bug-id: 4047
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-07-03 09:07:03 +09:00
Werner Koch
592deeddb9
gpg: Print revocation reason for "rev" records.
* g10/main.h: Add prototype.
* g10/keylist.c (list_keyblock_print): Print revocation info.
(list_keyblock_colon): Ditto.

* g10/test-stubs.c (get_revocation_reason): New stub.
* g10/gpgv.c (get_revocation_reason): New stub.
--

GnuPG-bug-id: 1173
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-21 20:28:51 +02:00
Werner Koch
b7cd2c2093
gpg: Print revocation reason for "rvs" records.
* g10/import.c (get_revocation_reason): New.
(list_standalone_revocation): Extend function.
--

Note that this function extends the "rvs" field signature-class (field
11) with the revocation reason.  GPGME does not yet parse this but it
can be expected that the comma delimiter does not break other parsers.

A new field is added to the "rvs" (and in future also the "rev")
record to carry a record specific comment.  Hopefully all parsers
meanwhile learned the lesson from other new fields and don't bail out
on more fields than they know about.

This is partial solution to
GnuPG-bug-id: 1173

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-21 20:03:44 +02:00
Werner Koch
386b9c4f25
gpg: Let --show-keys print revocation certificates.
* g10/import.c (list_standalone_revocation): New.
(import_revoke_cert): Call new function.
--

GnuPG-bug-id: 4018
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-21 15:06:40 +02:00
Werner Koch
cb52eb76b3
Some preparations to eventuallt use gpgrt_argparse.
* configure.ac (GNUPG_DEF_COPYRIGHT_LINE: New.
* tools/watchgnupg.c (print_version): USe this macro.
* common/init.c (_init_common_subsystems): Register argparse
functions.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-12 16:11:19 +02:00
Werner Koch
fe621cc64b
gpg: Do not import revocations with --show-keys.
* g10/import.c (import_revoke_cert): Add arg 'options'.  Take care of
IMPORT_DRY_RUN.
--

GnuPG-bug-id: 4017
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-12 09:07:16 +02:00
NIIBE Yutaka
8f99299a54 card: Fix memory leak for fetch-url sub command.
* g10/card-util.c (fetch_url): Release INFO.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-12 15:54:18 +09:00
Daniel Kahn Gillmor
2ddfb5bef9
gpg: Add new usage option for drop-subkey filters.
* g10/import.c (impex_filter_getval): Add new "usage" property for
drop-subkey filter.
--

For example, this permits extraction of only encryption-capable
subkeys like so:

    gpg --export-filter 'drop-subkey=usage !~ e' --export $FPR

GnuPG-Bug-id: 4019
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2018-06-12 08:19:19 +02:00
Werner Koch
d2bc66f241
gpg: Set some list options with --show-keys
* g10/gpg.c (main): Set some list options.
--

The new command --show-keys is commonly used to check the content of a
file with keys.  In this case it can be expected that all included
subkeys and uids are of interested, even when they are already expired
or have been revoked.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-11 08:48:21 +02:00
Werner Koch
13f135c7a2
gpg: Sanitize diagnostic with the original file name.
* g10/mainproc.c (proc_plaintext): Sanitize verbose output.
--

This fixes a forgotten sanitation of user supplied data in a verbose
mode diagnostic.  The mention CVE is about using this to inject
status-fd lines into the stderr output.  Other harm good as well be
done.  Note that GPGME based applications are not affected because
GPGME does not fold status output into stderr.

CVE-id: CVE-2018-12020
GnuPG-bug-id: 4012
2018-06-08 10:45:21 +02:00
Werner Koch
26746fe65d
gpg: Improve import's repair-key duplicate signature detection.
* g10/key-check.c (key_check_all_keysigs): Factor some code out to ...
(remove_duplicate_sigs): new.
(key_check_all_keysigs): Call remove_duplicate_sigs again after
reordering.
--

This is a follupup for commit 26bce2f01d2029ea2b8a8dbbe36118e3c83c5cba
to cleanup the code and to add a second de-duplicate step when needed.

GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-07 18:41:17 +02:00
Werner Koch
26bce2f01d
gpg: Fix import's repair-key duplicate signature detection.
* g10/packet.h (PKG_siganture): Add field 'help_counter'.
* g10/key-check.c (sig_comparison): Take care of HELP_COUNTER.
(key_check_all_keysigs): De-duplicate on a per-block base.
--

The key_check_all_keysigs first does a detection of duplicate
signature.  This is done over all signatures at once.  The problem
here is for example:

   key
   uid_1
     sig_uid_1.1
     sig_uid_1.2
   subkey_1
     sig_sub_1.1
   subkey_2
     sig_sub_2.1
     sig_sub_2.2  (duplicate of sig_sub_1.1)

Now the de-duplication deletes the first signature and keeps the
second.  That works in most cases for foreign signature on userids but
in the above constellation the code simply removes sig_sub_1.1 so that
subkey_1 has no binding signature anymore.  In a later step during
import the missing binding is detected and subkey_1 is removed because
it is not anymore valid.  The sig_sub_2.2 will also be removed later
because it does not check out for subkey_2 (that is as expected).

The fix is to let the de-duplication work only on blocks (ie. within
the signatures of a user id or a subkey).  This will not detect all
duplicates but that does not harm because later steps will detect and
remove them.

In the above case (with this patch applied) the second phase of
key_check_all_keysigs will reorder key signatures and move the
duplicate sig_sub_2.2 directly after sig_sub_1.1.  This duplicates the
signature and for cleanness we should kick the de-duplication process
again.  This will be done with a followup patch.

GnuPG-bug-id: 3994
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-07 17:22:58 +02:00
Werner Koch
1bc6b51742
gpg: Improve verbose output during import.
* g10/import.c (chk_self_sigs): Print the subkeyid in addition to the
keyid.
(delete_inv_parts): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-07 10:30:07 +02:00
Werner Koch
344b548dc7
gpg: Also detect a plaintext packet before an encrypted packet.
* g10/mainproc.c (proc_encrypted): Print warning and later force an
error.
--

Note that when this error is triggered the plaintext from the literal
data packet has already been outputted before the BEGIN_DECRYPTION
status line.  We fail only later to get more information.  Callers
need to check and act upon the decryption error code anyway.

Thanks to Marcus for pointing out this case.

GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 15:46:34 +02:00
Werner Koch
257661d6ae
gpg: New command --show-keys.
* g10/gpg.c (aShowKeys): New const.
(opts): New command --show-keys.
(main): Implement command.
* g10/import.c (import_keys_internal): Don't print stats in show-only
mode.
(import_one): Be silent in show-only mode.
--

Using

  --import --import-options show-only

to look at a key is too cumbersome.  Provide this shortcut and also
remove some diagnostic cruft in this case.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-06-06 11:57:34 +02:00
NIIBE Yutaka
d2e6b3ea1d g10: Remove bogus comment.
* g10/mainproc.c (proc_pubkey_enc): Remove a comment.

--

GnuPG always uses the OpenPGP algo number in its status report.
We can find a function in GPGME, it's _gpgme_map_pk_algo.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-06-05 11:22:10 +09:00
Werner Koch
874e391665
gpg: Print a hint on how to decrypt a non-mdc message anyway.
* g10/mainproc.c (proc_encrypted): Print a hint for legacy ciphers w/o
MDC.  Also print a dedicated status error code

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-31 12:59:40 +02:00
Werner Koch
d3d41146b3
gpg: Ignore the multiple message override options.
* g10/gpg.c (oAllowMultisigVerification)
(oAllowMultipleMessages, oNoAllowMultipleMessages): Remove.
(opts): Turn --allow-multisig-verification, --allow-multiple-messages
and --no-allow-multiple-messages into NOPs
* g10/options.h (struct opt): Remove flags.allow_multiple_messages.
* g10/mainproc.c (proc_plaintext): Assume allow_multiple_messages is
false.
--

These options are very old compatibility hacks and should not be used
anymore.  We keep them as dummy options in case someone has them in
the conf file.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-30 22:05:57 +02:00
Werner Koch
97183b5c0f
gpg: Detect multiple literal plaintext packets more reliable.
* g10/mainproc.c (proc_encrypted): Bump LITERALS_SEEN.
--

GnuPG-bug-id: 4000
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-30 21:45:37 +02:00
Werner Koch
b2c05d6912
gpg: Remove PGP6 compliance mode.
* g10/gpg.c: Make --pgp6 an alias for --pgp7.
* common/compliance.h (gnupg_compliance_mode): Remove CO_PGP6.
* g10/options.h (PGP6): Remove.  Adjust all users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 13:01:12 +02:00
Werner Koch
253e8bdd90
gpg: Remove MDC options
* g10/gpg.c: Tuen options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify.  MDC is now almost always used.
(use_aead): Ignore MDC options. Print warning for missing MDC feature
flags.
* g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
(warn_missing_aead_from_pklist): this and adjust.
--

The MDC is now always used except with --rfc2440 which will lead to a
a big fat warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 12:42:52 +02:00
Werner Koch
af4a5dbe57
gpg: Fix detection of the AEAD feature flag.
* g10/getkey.c (fixup_uidnode): Use bitmask 0x02.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-29 12:24:19 +02:00
Werner Koch
d1431901f0
gpg: Hard fail on a missing MDC even for legacy algorithms.
* g10/mainproc.c (proc_encrypted): Require an MDC or AEAD
* tests/openpgp/defs.scm (create-gpghome): Use --ignore-mdc-error to
allow testing with the current files.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-15 12:38:17 +02:00
Werner Koch
96350c5d5a
gpg: Turn --no-mdc-warn into a NOP.
* g10/gpg.c (oNoMDCWarn): Remove.
(opts): Make --no-mdc-warn a NOP.
(main): Don't set var.
* g10/options.h (struct opt): Remove 'no_mdc_var'.
* g10/cipher-cfb.c (write_header): Assume opt.no_mdc_warn is false.
* g10/mainproc.c (proc_encrypted): Ditto.
--

Users should not be allowed to suppress the warning that they are
shooting into their foot.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-15 12:20:04 +02:00
Werner Koch
7b7576637d
Merge branch 'STABLE-BRANCH-2-2' into master
--

Resolved Conflicts:
	NEWS  - removed
	configure.ac - removed

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-13 13:29:40 +02:00
Werner Koch
d26363e4f1
gpg: Fix minor memory leak in the compress filter.
* g10/compress.c (push_compress_filter2): Return an error if no filter
was pushed.
(push_compress_filter): Ditto.
(handle_compressed): Free CFX if no filter was pushed.
* g10/import.c (read_block): Ditto.
--

GnuPG-bug-id: 3898, 3930
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-05-02 20:15:10 +02:00
NIIBE Yutaka
71903eee89 g10: Fix printing the keygrip with --card-status.
* g10/card-util.c (current_card_status): Keygrip for Auth is 3.

--

Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-25 09:37:21 +09:00
NIIBE Yutaka
f747b8f073 g10: Fix memory leak in check_sig_and_print.
* g10/mainproc.c (check_sig_and_print): Free the public key.

--

GnuPG-bug-id: 3900
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-13 16:42:34 +09:00
NIIBE Yutaka
c31abf8465 g10: Push compress filter only if compressed.
* g10/compress.c (handle_compressed): Fix memory leak.

--

All other calls of push_compress_filter checks ALGO,
so, do it here, too.

GnuPG-bug-id: 3898
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-13 10:09:02 +09:00
Werner Koch
69c3e7acb7
gpg: Extend the "sig" record in --list-mode.
* g10/getkey.c (get_user_id_string): Add arg R_NOUID.  Change call
callers.
(get_user_id): Add arg R_NOUID.  Change call callers.
* g10/mainproc.c (issuer_fpr_string): Make global.
* g10/keylist.c (list_keyblock_colon): Print a '?' for a missing key
also in --list-mode.  Print the "issuer fpr" field also if there is an
issuer fingerprint subpacket.
--

Scripts used to rely on the "User ID not found" string even in the
--with-colons listing.  However, that is not a good idea because that
string is subject to translations etc.  Now we have an explicit way of
telling that a key is missing.  For example:

  gpg --list-sigs --with-colons | \
    awk -F: '$1=="sig" && $2=="?" {if($13){print $13}else{print $5}}'

Prints all keyids or fingerprint of signing keys for which we do not
have the key in our local keyring.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 17:53:17 +02:00
Werner Koch
23a714598c
gpg: Extend the ERRSIG status line with a fingerprint.
* g10/mainproc.c (issuer_fpr_raw): New.
(issuer_fpr_string): Re-implement using issuer_fpr_rtaw.
(check_sig_and_print): Don't free ISSUER_FPR.  Use ISSUER_FPR_RAW.
Use write_status_printf.  Extend ERRSIG status.
--

Modern OpenPGP implementations put the ISSUER_FPR into the signature
to make it easier to discover the, public needed to check the
signature.  This is also useful in error messages and thus we add it.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 16:41:18 +02:00
Werner Koch
e2bd152a92
gpg: Relax printing of STATUS_FAILURE.
* g10/gpg.c (g10_exit): Print STATUS_FAILURE only based on passed
return code and not on the presence of any call to log_error.
--

This fixes an actual regression in GPGME where FAILURE is considered
for example by a signature verify operation.  The operation will simply
fail and not just record that that a signature could not be verified.
In particular for files with more than one signature a log_error if
often called to show that a pubkey is missing for one of the
signatures.  Using that log_error is correct in that case.

Fixes-commit: 0336e5d1a7b9d46e06c838e6a98aecfcc9542882
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-12 11:49:36 +02:00
Werner Koch
789d240cb4
gpg: New option --no-symkey-cache.
* g10/gpg.c (oNoSymkeyCache): New.
(opts): Add that option.
(main): Set var.
* g10/options.h (struct opt): New field no_symkey_cache.
* g10/passphrase.c (passphrase_to_dek): Implement that feature.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-11 20:35:40 +02:00
Werner Koch
36373798c0
Merge branch 'STABLE-BRANCH-2-2' into master
--
Fixed conflicts:
  NEWS            - keep master
  configure.ac    - merge
  g10/card-util.c - mostly 2.2
  g10/sig-check.c - 2.2
2018-04-10 10:14:30 +02:00
Werner Koch
a4e26f2ee8
doc: Document --key-edit:change-usage
* g10/keyedit.c (menu_changeusage): Make strings translatable.
--

GnuPG-bug-id: 3816
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-09 10:36:26 +02:00
Werner Koch
1a5d95e731
gpg: Check that a key may do certifications.
* g10/sig-check.c (check_signature_end_simple): Check key usage for
certifications.
(check_signature_over_key_or_uid): Request usage certification.
--

GnuPG-bug-id: 3844
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:27 +02:00
Werner Koch
0336e5d1a7
gpg: Emit FAILURE stati now in almost all cases.
* g10/cpr.c (write_status_failure): Make it print only once.
* g10/gpg.c (wrong_args): Bump error counter.
(g10_exit): Print a FAILURE status if we ever did a log_error etc.
(main): Use log_error instead of log_fatal at one place.  Print a
FAILURE status for a bad option.  Ditto for certain exit points so
that we can see different error locations.
--

This makes it easier to detect errors by tools which have no way to
get the exit code (e.g. due to double forking).

GnuPG-bug-id: 3872
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 17:32:25 +02:00
Werner Koch
cfd0779808
doc: Add a code comment about back signatures.
--
2018-04-06 11:01:46 +02:00
Werner Koch
5ba74a134d
gpg: Re-indent sig-check.c and use signature class macros.
* g10/keydb.h (IS_BACK_SIG): New.
* g10/sig-check.c: Re-indent and use macros.
--

This makes the code easier to understand.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-06 10:18:53 +02:00
Werner Koch
d27417d3a5
gpg: Add new OpenPGP card vendor.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-04-05 15:25:13 +02:00
NIIBE Yutaka
870527df0d g10: Let card-edit/key-attr show message when change.
* g10/card-util.c (ask_card_rsa_keysize): Don't show message here.
(ask_card_keyattr): Show message when change, also for ECC.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-05 10:37:23 +09:00
NIIBE Yutaka
a17d2d1f69 g10: Fix filtering by PK->REQ_USAGE.
* g10/getkey.c (get_pubkey_byfprint): Filter by PK->REQ_USAGE.

--

GnuPG-bug-id: 3844
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-04-02 17:44:54 +09:00
NIIBE Yutaka
130ad98240 g10: Fix card-edit/kdf-setup for single salt.
* g10/card-util.c (gen_kdf_data): Use SALT_USER.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 16:55:01 +09:00
NIIBE Yutaka
0c097575a9 g10,scd: Support single salt for KDF data object.
* g10/card-util.c (gen_kdf_data): Support single salt.
(kdf_setup): Can have argument for single salt.
* scd/app-openpgp.c (pin2hash_if_kdf): Support single salt.

--

Gnuk has "admin-less" mode.  To support "admin-less" mode with KDF
feature, salt should be same for user and admin.  Thus, I introduce a
valid use of single salt.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 12:48:04 +09:00
NIIBE Yutaka
820380335a g10: Add "key-attr" command for --card-edit.
* g10/card-util.c (key_attr): New explicit command.
(generate_card_keys, card_generate_subkey): Don't ask key attr change.
(card_edit): Add for cmdKEYATTR.

--

GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-30 10:59:10 +09:00
NIIBE Yutaka
a1515b3bbc g10: Support key attribute change at --card-edit/generate.
* g10/card-util.c (ask_card_rsa_keysize): Drop support for magic
number 25519 for ed25519/cv25519.  Rename from ask_card_keyattr.
(ask_card_keyattr): Support ECC, as well as RSA.
(do_change_keyattr): Support ECC dropping magical number 25519.
* g10/keygen.c (ask_curve): Allow call from outside, adding last arg
of CURRENT.
(generate_keypair): Follow the change of ask_curve.
(generate_subkeypair): Likewise.

--

GnuPG-bug-id: 3781
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-29 11:56:02 +09:00
NIIBE Yutaka
02d7bb819f g10: check_pin_for_key_operation should be just before genkey.
* g10/card-util.c (generate_card_keys): Check PIN later.
(card_generate_subkey): Likewise.

--

Changing key attribute resets PIN authentication status.  So, CHECKPIN
should be after that, before key generation.  Note that CHECKPIN is
done for binding signature.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-29 10:48:37 +09:00
NIIBE Yutaka
e610d51f0d g10: Change ask_curve so that it can be used outside.
* g10/call-agent.h (struct key_attr): New.
* g10/keygen.c (ask_curve): Return const char *.  No allocation.
(quick_generate_keypair): Follow the change.
(generate_keypair, generate_subkeypair): Likewise.
(parse_algo_usage_expire): Return const char *.

--

This change is intended for using ask_curve from card-util.c.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-28 18:44:45 +09:00
Werner Koch
d4dc4245bf
Merge branch 'STABLE-BRANCH-2-2' into master 2018-03-27 08:48:00 +02:00
Werner Koch
eb68c2d3d1
gpg: Auto-fix a broken trustdb with just the version record.
* g10/tdbio.c (get_trusthashrec): Create hashtable on error.

GnuPG-bug-id: 3839
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 18:20:16 +02:00
Werner Koch
a750ebebf3
gpg: Pass CTRL arg to get_trusthashrec.
* g10/tdbio.c (get_trusthashrec): Add arg CTRL.
(tdbio_search_trust_byfpr): Ditto.
(tdbio_search_trust_bypk): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 18:06:43 +02:00
Werner Koch
403aa70c52
gpg: Return better error codes in case of a too short trustdb.
* g10/tdbio.c (tdbio_read_record): Return GPG_ERR_EOF.
(tdbio_new_recnum): Never return on error.
(lookup_hashtable): Print a more descriptive error in case of !TABLE.
--

Also: tdbio_new_recnum had a bug in that it returned an error code and
not a record number in the error case.  The function is expected to
always return a valid new record number.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 17:55:03 +02:00
Werner Koch
456a3a8e93
gpg: Fix trustdb updates without lock held.
* g10/tdbio.c (is_locked): Turn into a counter.
(take_write_lock, release_write_lock): Implement recursive locks.
--

On trustdb creation we have this call sequence:

  init_trustdb                 -> takes lock
    tdbio_set_dbname
      create_version_record
       tdbio_write_record
         put_record_into_cache -> takes lock
         put_record_into_cache -> releases lock
  init_trustdb                 -> releases lock

The second take lock does noting but the first release lock has
already released the lock and the second release lock is a thus a NOP.
This is likely the cause for the corrupted trustdb as reported in

GnuPG-bug-id: 3839
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 16:57:04 +02:00
Werner Koch
5f00531463
gpg: Disable unused code parts in tdbio.c
* g10/tdbio.c (in_transaction): Comment this var.
(put_record_into_cache): Comment the transaction code.
(tdbio_sync): Ditto

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-26 16:26:46 +02:00
Werner Koch
2cd35df5db
gpg,sm: New option --request-origin.
* g10/gpg.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* g10/options.h (struct opt): Add field request_origin.
* g10/call-agent.c (start_agent): Send option to the agent.
* sm/gpgsm.c (oRequestOrigin): New const.
(opts): New option --request-origin.
(main): Parse that option.
* sm/gpgsm.h (struct opt): Add field request_origin.
* sm/call-agent.c (start_agent): Send option to the agent.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-23 09:06:20 +01:00
Werner Koch
165bc38cef
gpg: Implement --dry-run for --passwd.
* g10/keyedit.c (change_passphrase): Take care of --dry-run.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-22 10:23:35 +01:00
NIIBE Yutaka
0152ba7c98 scd: Support KDF DO setup.
* g10/call-agent.c (learn_status_cb): Parse the capability for KDF.
* g10/card-util.c (gen_kdf_data, kdf_setup): New.
(card_edit): New admin command cmdKDFSETUP to call kdf_setup.
* scd/app-openpgp.c (do_getattr): Emit KDF capability.

--

GnuPG-bug-id: 3823
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-22 15:50:31 +09:00
Werner Koch
34ec012561
doc: Typo fix in comment.
--
2018-03-21 19:45:31 +01:00
Werner Koch
983f7b2acb
gpg: Fix out-of-bound read in subpacket enumeration
* g10/parse-packet.c (enum_sig_subpkt): Check buflen before reading
the type octet.  Print diagnostic.
--

If the final subpacket has only a length header evaluating to zero and
missing the type octet, a read could happen right behind the buffer.
Valgrind detected this.  Fix is obvious.  Note that the further
parsing of the subpacket is still okay because it always checks the
length.  Note further that --list-packets uses a different code path
and already reported an error.

Reported-by: Philippe Antoine

He provided a test file copied below.  Running "gpg -v --verify" on it
triggered the bug.

-----BEGIN PGP ARMORED FILE-----
Comment: Use "gpg --dearmor" for unpacking

kA0DAAoBov87N383R0QBrQJhYgZsb2wucHlaqTVWYnl0ZXMgPSBbMHg1LCAweDY0
LCAweDRjLCAweGM0LCAweDMsIDB4MCwgMHg0LCAweDAsIDB4YWMsIDB4YSwgMHhj
MSwgMHhjMSwgMHgyLCAweDEsIDB4MiwgMHg3LCAweDQwLCAweDIsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDJkLCAweGRkLCAweDIs
IDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4NzcsIDB4ODcsIDB4MiwgMHgy
LCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHg3NywgMHg4NywgMHgyLCAweDIsIDB4
MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4MiwgMHgyLCAweDIsIDB4Miwg
MHgyLCAweDIsIDB4MiwgMHgyLCAweDc3LCAweDg3LCAweDIsIDB4MiwgMHgyLCAw
eDIsIDB4MiwgMHgyLCAweDIsIDB4MCwgMHhhZF0KCmZvciBpIGluIHJhbmdlKGxl
bihieXRlcykpOgogICAgaWYgaSUxNiA9PSAwOgogICAgICAgIHByaW50CiAgICAg
ICAgcHJpbnQgIiUwNngiICUgaSwKICAgIHByaW50ICIlMDJ4ICIgJSBieXRlc1tp
XSwKiQJNBAABCgAeFiEEU+Y3aLjDLA3x+9Epov87N383R0QFAlqpNVYAAAoJEKL/
Ozd/N0dElccP/jBAcFHyeMl7kop71Q7/5NPu3DNULmdUzOZPle8PVjNURT4PSELF
qpJ8bd9PAsO4ZkUGwssY4Kfb1iG5cR/a8ADknNd0Cj9/QA2KMVNmgYtReuttAjvn
hQRm2VY0tvDCVAPI/z8OnV/NpOcbk8kSwE+shLsP7EwqL5MJNMXKqzm1uRxGNYxr
8TNuECo3DO64O2NZLkMDXqq6lg+lSxvDtXKxzKXgVC+GMtOE56lDwxWLqr39f9Ae
Pn0q2fVBKhJfpUODeEbYSYUp2hhmMUIJL/ths9MvyRZ9Z/bHCseFPT58Pgx6g+MP
q+iHnVZEIVb38XG+rTYW9hvctkRZP/azhpa7eO8JAZuFNeBGr4IGapwzFPvQSF4B
wBXBu0+PPrV9VJVe98P4nw2xcuJmkn6mgZhRVYSqDIhY64bSTgQxb/pdtGwrTjtL
WoUKVI+joLRPnDmwexH9+QJCB+uA6RsN/LqsQfDseyr40Z6dHJRqWGgP3ll6iZgw
WF768uiIDJD8d4fegVnkpcH98Hm0I/dKsMR1MGV/sBxYC8mAOcOWwSPNGDqPlwwR
eWPdr1O6CoYEWwiZMicSe0b5TsjB5nkAWMy7c9RyhtMJzCQ/hFpycpj0A0Zs+OGa
eJQMZZV0s8AQZ04JzoX0zRpe0RcTyJn3Tr6QGbVi9tr+QdKHFuDMUqoX
=qYZP
-----END PGP ARMORED FILE-----

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-21 19:43:33 +01:00
NIIBE Yutaka
2c85e202bc scd: Better user interaction for factory-reset.
* g10/card-util.c (factory_reset): Dummy PIN size is now 32-byte.
Connect the card again at the last step.

--

Before the change, a user has to quit the session to continue.  Now,
it is possible to type RET in the session and see if it's really done.

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-16 11:27:33 +09:00
NIIBE Yutaka
334b948981 gpg: Fix build on Windows.
--

WIN32_LEAN_AND_MEAN is required to avoid definitions of grp1, grp2,
and grp3 in dlgs.h, which is included by windows.h.

Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-03-08 14:08:51 +09:00
Werner Koch
f574aabeeb
Merge branch 'STABLE-BRANCH-2-2' into wk-master 2018-03-06 16:26:26 +01:00
Werner Koch
bf43b39c05
gpg: Fix regression in last --card-status patch
--

Sorry, I accidentally pushed the last commit without having amended it
with this fix.

Fixes-commit: fd595c9d3642dba437fbe0f6e25d7aaaae095f94
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-01 19:10:10 +01:00
Werner Koch
fd595c9d36
gpg: Print the keygrip with --card-status
* g10/call-agent.h (agent_card_info_s): Add fields grp1, grp2 and
grp3.
* g10/call-agent.c (unhexify_fpr): Allow for space as delimiter.
(learn_status_cb): Parse KEYPARIINFO int the grpX fields.
* g10/card-util.c (print_keygrip): New.
(current_card_status): Print "grp:" records or with --with-keygrip a
human readable keygrip.
--

Suggested-by: Peter Lebbing <peter@digitalbrains.com>
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-03-01 19:03:23 +01:00
Werner Koch
f2c09203b9
gpg: Avoid writing a zero length last chunk in AEAD mode.
* g10/cipher-aead.c (write_header): Do not call set_nonce_and_ad.
(write_final_chunk): Do not increase chunkindex.
(do_flush): Call set_nonce_and_ad immediately before the first
encryption of a chunk.  Bump up the chunkindex after writing the tag.
(do_free): Do not insert a zero length last chunk.
* g10/decrypt-data.c (aead_underflow): Fix the corresponding bug.
--

This fixes a bug in writing a zero length last chunk right before the
final chunk (which has by design a zero length).  We also need to
adjust the decryption part because that assumed this zero length last
chunk.

Note that we use the term "last chunk" for the chunk which directly
precedes the "final chunk" which ends the entire encryption.

GnuPG-bug-id: 3774
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 09:39:57 +01:00
Werner Koch
047506a03d
gpg: Merge two functions in cipher-aead.c
* g10/cipher-aead.c (set_nonce, set_additional_data): Merge into ...
(set_nonce_and_ad): new function.
(write_auth_tag): Print error message here.
(do_flush): Rename var newchunk to finalize.
--

There is no need to have separate functions here.  We should also
print a error message for writing the final tag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-28 08:48:48 +01:00
Werner Koch
618b86325f
gpg: Simplify the AEAD decryption function.
* g10/decrypt-data.c (aead_set_nonce, aead_set_ad): Merge into ...
(aead_set_nonce_and_ad): new single function.  Change callers.
(decrypt_data): Do not set the nonce and ad here.
(aead_underflow): Get rid of the LAST_CHUNK_DONE hack.
--

The main change here is that we now re-init the context only right
before we decrypt and not after a checktag.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-27 21:11:34 +01:00
Werner Koch
ad989373f1
gpg: Factor common code out of the AEAD decryption function.
* g10/decrypt-data.c (aead_underflow): Factor reading and checking
code code out to ...
(fill_buffer, aead_checktag): new functions.
--

Here is a simple test script to check against a set of encrypted files
with naming convention like "symenc-aead-eax-c6-56.asc"

# ------------------------ >8 ------------------------
set -e
GPG=../g10/gpg
for file in "$@"; do
  echo "${file##*/}" | ( IFS=- read dummy1 dummy2 mode cbyte len rest
  len="${len%.*}"
  cbyte="${cbyte#c}"
  [ "$dummy1" != "symenc" -o "$dummy2" != "aead" ] && continue
  echo "checking mode=$mode chunkbyte=$cbyte length=$len"
  if ! $GPG --no-options --rfc4880bis --batch --passphrase "abc" \
             -d < $file >tmp.plain 2>/dev/null; then
      echo "Decryption failed for $file" >&2
      exit 2
  fi
  plainlen=$(wc -c <tmp.plain)
  if [ $plainlen -ne $len ]; then
      echo "Plaintext length mismatch for $file (want=$len have=$plainlen)" >&2
      exit 2
  fi

  )
done
echo "all files are okay" >&2
# ------------------------ 8< ------------------------

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-27 20:19:32 +01:00
Werner Koch
b703ba725d
gpg: Rename cipher.c to cipher-cfb.c
* g10/cipher.c: Rename to ...
* g10/cipher-cfb.c: this.
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-27 13:57:57 +01:00
Werner Koch
ebb0fcf6e0
gpg: Fix corner cases in AEAD encryption.
* g10/cipher-aead.c (write_final_chunk): Do not bump up the chunk
index if the previous chunk was empty.
* g10/decrypt-data.c (aead_underflow): Likewise.  Also handle a other
corner cases.  Add more debug output.
--

GnuPG-bug-id: 3774

This fixes the reported case when the encrypted data is a multiple of
the chunk size.  Then the chunk index for the final chunk was wrongly
incremented by 2.  The actual fix makes use of the fact that the
current dfx->CHUNKLEN is 0 in this case.  There is also some other
reorganizing to help with debugging.  The thing seems to work now but
the code is not very clean - should be reworked.  Creating test files
can be done with this script:

--8<---------------cut here---------------start------------->8---
csize=6
for len in 0 55 56 57; do
   awk </dev/null -v i=$len 'BEGIN{while(i){i--;printf"~"}}' \
     | gpg --no-options -v --rfc4880bis --batch --passphrase "abc" \
           --s2k-count 1025 --s2k-digest-algo sha256 -z0 \
           --force-aead --aead-algo eax --cipher aes -a \
           --chunk-size $csize -c >symenc-aead-eax-c$csize-$len.asc
done
--8<---------------cut here---------------end--------------->8---

A LEN of 56 triggered the bug which can be seen by looking at the
"authdata:" line in the --debug=crypt,filter output.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-27 13:53:52 +01:00
Werner Koch
cbc7bacf2f
gpg: Try to mitigate the problem of wrong CFB symkey passphrases.
* g10/mainproc.c (symkey_decrypt_seskey): Check for a valid algo.
--

GnuPG-bug-id: 3795
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-23 10:49:19 +01:00
Werner Koch
20539ea5ca
Merge branch 'STABLE-BRANCH-2-2' 2018-02-22 16:19:56 +01:00
Werner Koch
b375d50ee4
gpg: Don't let gpg return failure on an invalid packet in a keyblock.
* g10/keydb.c (parse_keyblock_image): Use log_info instead of
log_error for skipped packets.
* g10/keyring.c (keyring_get_keyblock): Ditto.
--

log_info should be sufficient and makes this more robust.  Some
tools (e.g. Enigmail) are too picky on return codes from gpg.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-22 14:23:01 +01:00
NIIBE Yutaka
88e766d391
g10: Select a secret key by checking availability under gpg-agent.
* g10/getkey.c (finish_lookup): Add WANT_SECRET argument to confirm
by agent_probe_secret_key.
(get_pubkey_fromfile, lookup): Supply WANT_SECRET argument.

--

GnuPG-bug-id: 1967
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
(cherry picked from commit 0a76611294998ae34b9d9ebde484ef8ad3a9a3a6)
2018-02-22 10:42:42 +01:00
NIIBE Yutaka
ca138d5bf3 gpg: Fix reversed messages for --only-sign-text-ids.
* g10/keyedit.c (keyedit_menu): Fix messages.

--

GnuPG-bug-id: 3787
Fixes-commit: a74aeb5dae1f673fcd98b39a6a0496f3c622709a
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
2018-02-15 14:22:06 +09:00
Werner Koch
8305739fe8
gpg: Fix packet length checking in symkeyenc parser.
* g10/parse-packet.c (parse_symkeyenc): Move error printing to the
end.  Add additional check to cope for the 0je extra bytes needed for
AEAD.
--

Fixes-commit: 9aab9167bca38323973e853845ca95ae8e9b6871
GnuPG-bug-id: 3780
2018-02-06 17:37:27 +01:00
Werner Koch
f98e193c84
gpg: Update list of card vendors from master
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-02-01 12:05:19 +01:00
Werner Koch
26c900a8f0
Add a new OpenPGP card vendor.
--
2018-02-01 12:02:13 +01:00
Werner Koch
303310d05e
gpg: Rename a misnomed arg in open_outfile.
* g10/openfile.c (open_outfile): Rename inp_fd to out_fd.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-28 18:59:18 +01:00
Werner Koch
149369a92b
Merge branch 'STABLE-BRANCH-2-2' into master
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-25 16:58:29 +01:00
Werner Koch
db7661b5a2
gpg: New maintainer option --debug-set-iobuf-size.
* g10/gpg.c (opts): Add new option.
(opt_set_iobuf_size): New var.
(set_debug): Set the option.
* tests/openpgp/armor.scm: Use this option to revert the buffer size
to the one which used to exhibit the tested bugs.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 18:38:20 +01:00
Werner Koch
ff1bdc23d9
gpg: Fix AEAD encryption for chunk sizes other than 64 KiB.
* g10/cipher-aead.c (do_flush): Init ERR.  Fix remaining chunklen
computation.
(do_free): Add dummy encryption.  Close the cipher handle.
* g10/decrypt-data.c (aead_underflow): Rewrite.
--

Until we have integrated test into the test suite extensive tests can
also be done with a script like this:

--8<---------------cut here---------------start------------->8---
#!/bin/sh

set -e
GPG="../g10/gpg --rfc4880bis --pinentry-mode=loopback"
GPG="$GPG --passphrase abc --batch"
MKTDATA="$HOME/b/gnupg-2.0/tools/mk-tdata"

for chunksize in 6 7 12 13 14 30; do
for count in $(seq 1 200) $(seq 8100 8200) \
             $(seq 16350 16400) $(seq 20000 20100); do
  if [ ! -f "testfile-$count" ]; then
    $MKTDATA $count >"testfile-$count"
  fi
  echo "testing chunk size 2^$chunksize with $count bytes"
  $GPG --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES -v -z 0 \
      -c --chunk-size $chunksize \
       <"testfile-$count" >"testfile-$count.gpg" 2>/dev/null
  $GPG -vd <"testfile-$count.gpg" >"testfile-$count.out" 2>/dev/null
  if ! cmp "testfile-$count" "testfile-$count.out"; then
    echo "FAILED comparing count $count" >&2
    exit 1
  fi
done
done
echo All good
--8<---------------cut here---------------end--------------->8---

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 13:45:05 +01:00
Werner Koch
83a15fa88e
gpg: Rename a variable in decrypt-data for clarity.
* g10/decrypt-data.c (decode_filter_context_s): Rename field 'defer'
to 'holdback' and replace 'defer_filled' flag into 'holdbacklen'.
Change all users.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-24 08:59:06 +01:00
Werner Koch
f3ef8b0dca
gpg: New option --chunk-size.
* g10/gpg.c (opts): New option --chunk-size.
(oChunkSize): New const.
(build_list_aead_test_algo, build_list_aead_algo_name): New.
(my_strusage): List AEAD algos.
(main): Implement --chunk-size..
* g10/options.h (struct opt): Add field 'chunk_size'.
(DBG_IPC): Remove duplicated macro.
* g10/main.h (DEFAULT_AEAD_ALGO): Depend on Libgcrypt version.
* g10/misc.c (openpgp_aead_test_algo): Ditto.

* g10/cipher-aead.c: Silence if not in debug mode.
* g10/decrypt-data.c: Ditto.
--

And that new option immediatley revealed bugs in our chunking code :-(.
2018-01-23 19:08:16 +01:00
Werner Koch
112e02ee89
gpg: Copy the AEAD prefs to the user ID struct.
* g10/getkey.c (fixup_uidnode): Copy the AEAD prefs.
--

With this patch AEAD preferences are now properly created and
displayed.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-23 12:51:38 +01:00
Werner Koch
278d874656
gpg: Clear the symmetric passphrase cache for encrypted session keys.
* g10/mainproc.c (proc_symkey_enc): Clear the symmetric key cache on
error.
(proc_encrypted): Need to take are of the checksum error.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-23 12:08:02 +01:00
Werner Koch
9aab9167bc
gpg: Implement AEAD for SKESK packets.
* g10/packet.h (PKT_symkey_enc): Add field aead_algo.
* g10/build-packet.c (do_symkey_enc): Support version 5 packets.
* g10/parse-packet.c (parse_symkeyenc): Ditto.
* g10/encrypt.c (encrypt_symmetric): Force using a random session
key in AEAD mode.
(encrypt_seskey): Add and support arg aead_algo.
(write_symkey_enc): Ditto.
(encrypt_simple): Adjust accordingly.
(encrypt_filter): Ditto.
* g10/gpgcompose.c (sk_esk): For now call encrypt_seskey without AEAD
support.
* g10/mainproc.c (symkey_decrypt_seskey): Support AEAD.  Nver call BUG
but return an error.
(proc_symkey_enc): Call symkey_decrypt_seskey in a bug compatible way.

* g10/import.c (check_prefs): Check AEAD preferences.
* g10/keyedit.c (show_prefs): Print AEAD preferences.
--

For easier debugging this patch also changes some diagnostics to also
print the encryption mode with the cipher algorithm.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-23 12:07:57 +01:00
Werner Koch
da3015e3c0
gpg: Unify AEAD parameter retrieval.
* g10/pkclist.c (select_aead_from_pklist): Return the AEAD_algo.
* g10/encrypt.c (use_aead): Return the AEAD algo.
(encrypt_simple): Adjust for this change.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.

* g10/misc.c (MY_GCRY_CIPHER_MODE_EAX): New.
(openpgp_aead_algo_info): New.
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(write_header): Use new fucntion.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): Remove.
(decrypt_data): Use new function.  Also allow for chunkbytes other
than 10.
--

Note that other chunk bytes than 10 and in particular 0 (64 byte
chunks) have not yet been tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-22 16:50:21 +01:00
Werner Koch
0131d4369a
gpg: Refactor function encrypt_seskey.
* g10/encrypt.c (encrypt_seskey): Allocate the buffer for the
encrypted key and returns that buffer and its length.
(encrypt_simple): Adjust for above change.
(write_symkey_enc): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-22 15:50:24 +01:00
Werner Koch
7356d6ec50
gpg: Support EAX if for latest Libgcrypt.
* g10/cipher-aead.c (MY_GCRY_CIPHER_MODE_EAX): New.
(write_header): Use it.
* g10/decrypt-data.c (MY_GCRY_CIPHER_MODE_EAX): New.
(decrypt_data): Use it.
* g10/misc.c (openpgp_aead_test_algo): Allow EAX.
--

This allows the use of EAX when the latest Libgcrypt master is used.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 17:00:27 +01:00
Werner Koch
3f4ca85cb0
gpg: First take on PKT_ENCRYPTED_AEAD.
* common/openpgpdefs.h (PKT_ENCRYPTED_AEAD): New const.
* g10/dek.h (DEK): Increase size of use_aead to 4 bits.
* g10/filter.h (cipher_filter_context_t):  Add new fields for AEAD.
* g10/packet.h (PKT_encrypted): Add fields aead_algo, cipher_algo, and
chunkbyte.
* g10/build-packet.c (do_encrypted_aead): New.
(build_packet): Call it.
* g10/parse-packet.c (dump_sig_subpkt): Handle SIGSUBPKT_PREF_AEAD.
(parse_one_sig_subpkt, can_handle_critical): Ditto.
(parse_encrypted): Clear new PKT_ENCRYPTED fields.
(parse_encrypted_aead): New.
(parse): Call it.
* g10/gpg.c (main): Take care of --rfc4880bis option when checking
compliance.
* g10/cipher-aead.c: Replace the stub by real code.
* g10/decrypt-data.c (decode_filter_ctx_t): Add fields for use with
AEAD.
(aead_set_nonce): New.
(aead_set_ad): New.
(decrypt_data): Support AEAD.
(aead_underflow): New.
(aead_decode_filter): New.
* g10/encrypt.c (use_aead): Make that new fucntion work.
(encrypt_simple): Use default_aead_algo() instead of EAX.
* g10/mainproc.c (proc_encrypted): Support AEAD.
(do_proc_packets): Support PKT_ENCRYPTED_AEAD.
--

This code has seen only a very few manual tests.  Encrypting always
uses a 64k chunks and decryption has not been tested with larger
chunks.  Those small chunks make debugging much faster.

Tests can be done using:

  gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \
      --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \
      -v -z 0 --status-fd 2 -c <INFILE >OUTFILE

and

  gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \
      --status-fd 2 -v -d <INFILE >OUTFILE

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-21 16:30:53 +01:00
Werner Koch
e1e35db510
gpg: Fix the use of future-default with --quick-add-key.
* g10/keygen.c (parse_key_parameter_part): Add arg clear_cert.
(parse_key_parameter_string): Add arg suggested_use and implement
fallback.  Change callers to pass 0 for new arg.
(parse_algo_usage_expire): Pass the parsed USAGESTR to
parse_key_parameter_string so that it can use it in case a subkey is
to be created.
--

The problem here was that future-default gives the primary and subkey
algorithm.  However, when using future-default for adding a key, the
second part was always used which is for encryption.  If the caller
now wanted to create a signing subkey using the future-default
parameters this did not worked.

  gpg --batch --passphrase "" --quick-add-key FPR future-default encr

aready worked as did

  gpg --batch --passphrase "" --quick-add-key FPR ed25519 sign

but

  gpg --batch --passphrase "" --quick-add-key FPR future-default sign

does only work with this fix.

GnuPG-bug-id: 3747
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-18 13:39:19 +01:00
Werner Koch
81d71818d0
gpg: Add stub function for encrypting AEAD.
* g10/cipher.c (cipher_filter): Rename to cipher_filter_cfb.
* g10/cipher-aead.c: New.  Right now only with a stub function.
* g10/Makefile.am (gpg_sources): Add file.
* g10/encrypt.c (encrypt_simple): Push either cipher_filter_cfb or
cipher_filter_aead.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:33:50 +01:00
Werner Koch
4e2ba546cd
gpg: New option --force-aead
* g10/dek.h (DEK): Turn fields use_mdc, algo_printed and symmetric
into single bit vars.  Make sure they are always set to 1 or 0.
(DEK): New field use_aead.
* g10/options.h (struct opt): New field force_aead.
* g10/pkclist.c (select_aead_from_pklist): New.
* g10/gpg.c (oForceAEAD): New const.
(opts): New options "--force-aead".
(main): Set new option.
* g10/encrypt.c (use_aead): New.
(encrypt_simple): Implement new flags DEK.use_aead.
(encrypt_crypt): Ditto.
(encrypt_filter): Ditto.
* g10/sign.c (sign_symencrypt_file): Ditto.
--

This patch should be enough to detect whether AEAD can be used.
Not tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 17:07:11 +01:00
Werner Koch
8217cd4936
gpg: Add option and preference framework for AEAD.
* common/openpgpdefs.h (aead_algo_t): New.
(SIGSUBPKT_PREF_AEAD): New.
* g10/gpg.c (oAEADAlgo, oPersonalAEADPreferences): New.
(opts): New options --aead-algo and --personal-aead-preferences.
(set_compliance_option): Clar aead algo.
(main): Parse and check the new options
* g10/options.h (struct opt): Add fields def_aead_algo and
personal_aead_prefs.
* g10/packet.h (PREFTYPE_AEAD): New enum value.
(PKT_user_id): Add field flags.aead.
(PKT_public_key): Add field flags.aead.
* g10/pkclist.c (select_algo_from_prefs): Support PREFTYPE_AEAD.
* g10/getkey.c (fixup_uidnode): Set AEAD flag.
(merge_selfsigs): Ditto.
* g10/kbnode.c (dump_kbnode): Show aead flag.
* g10/keyedit.c (show_prefs): Ditto.
(show_key_with_all_names_colon): Ditto.
* g10/keygen.c (aead_presf, n_aead_prefs): New vars.
(set_one_pref): Suppport PREFTYPE_AEAD.
(keygen_set_std_prefs): Parse AEAD preferences.
(keygen_get_std_prefs): Ditto.
(add_feature_aead): New.
(keygen_upd_std_prefs): Call that and build AEAD pref  packet.
* g10/main.h (DEFAULT_AEAD_ALGO): New const.
* g10/misc.c (openpgp_aead_test_algo): New.
(openpgp_aead_algo_name): New.
(string_to_aead_algo): New.
(default_aead_algo): New.
--

This is only used in --rfc4880bis mode and not really tested.

Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-10 11:51:03 +01:00
Werner Koch
339b3301ee
gpg: Print all keys with --decrypt --list-only.
* g10/mainproc.c (proc_pubkey_enc): Use dedicated error code for
list-only and put the key into PKENC_LIST.
(print_pkenc_list): Take care of the new error code.
--

If the secret keys exist in --list-only mode it was not printed in
--list-only mode.

GnuPG-bug-id: 3718
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-08 09:30:31 +01:00
Werner Koch
4d3c500f47
gpg: Allow "futuredefault" as alias for "future-default".
* g10/keygen.c (parse_key_parameter_string): Allow "futuredefault" and
use case-insensitive matching
(quick_generate_keypair): Ditto.
(parse_algo_usage_expire): Ditto.
--

The man page is sometimes rendered in a way that the hyphen may be
not be considered as part of the string.  And while at it we also
allow case-insensitivity.

GnuPG-bug-id: 3655
Signed-off-by: Werner Koch <wk@gnupg.org>
2018-01-01 14:59:30 +01:00
Werner Koch
412bb7a801
gpg: Allow the use of "cv25519" and "ed25519" in the keygen parms.
* g10/keygen.c (gen_ecc): Map curve names.
--

See
https://lists.gnupg.org/pipermail/gnupg-users/2017-December/059619.html

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-29 20:18:20 +01:00
Werner Koch
c817e75028
Merge branch 'STABLE-BRANCH-2-2' into master
--

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-18 16:42:59 +01:00
Werner Koch
416cf9e9be
gpg: Print a warning for too much data encrypted with 3DES et al.
* g10/filter.h (cipher_filter_context_t): Remove unused filed
'create_mdc'.  Turn field 'header' into a bit field.  Add new fields
'short_blklen_warn' and 'short_blklen_count'.
* g10/cipher.c (write_header): Print a warning if MDC is not used.
(cipher_filter): Print a warning for long messages encrypted with a
short block length algorithm.
--

Note that to test this warning in a reliable way compression needs to
be disabled.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 13:02:34 +01:00
Werner Koch
b5333e13cb
gpg: Simplify cipher:write_header.
* g10/cipher.c (write_header): Use write_status_printf.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 12:15:40 +01:00
Werner Koch
067e62fe55
indent: Re-indent g10/cipher.c
--
2017-12-13 12:14:52 +01:00
Werner Koch
9f641430dc
gpg: Simplify default_recipient().
* g10/pkclist.c (default_recipient): Use hexfingerprint.
--

Note that on malloc failure this function now returns NULL instead of
terminating the process.  However, under memory pressure any function
called latter will very likely fail as well.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 11:03:06 +01:00
Werner Koch
cd26c5482b
gpg: Return an error from hexfingerprint on malloc error.
* g10/keyid.c (hexfingerprint): Return NULL on malloc failure.  Chnage
all callers.

Signed-off-by: Werner Koch <wk@gnupg.org>
2017-12-13 10:52:34 +01:00